In the past couple of weeks, Apple has released new versions of a number of updates, which are now available for download by folks running Apple’s Software Update service or third-party tools like Reposado. Most of these updates were for older OSs where Apple has since stopped providing new updates. When these updates were checked, there didn’t seem to be any difference between the “old” and “new” versions of the installers.

Once the Apple Software Update Certification Authority certificate authority expires, that breaks the chain of trust for any certificates that rely on it. As a consequence, a Software Update certificate used to sign an installer which uses the expired Apple Software Update Certification Authority won’t be trusted even though the Software Update certificate itself expires in 2019.

Apple is addressing this situation by re-signing and re-issuing updates, a process which will hopefully be completed before the Apple Software Update Certification Authority expiration date of 2-14-2015. It also appears that sometime in 2013, Apple started using a new Apple Software Update Certification Authority certificate authority when signing installers. This newer certificate authority has an expiration date of 10-24-2019.

Share this:

Like this:

Related

Hello Rich, many thanks for sharing your knowledge here!!!
I was wondering if what now happens to my cascading SUS may be somehow related to this subject
I have some cascading 10.6.8 SUS pointing to a 10.9 central SUS and everything used to work perfectly (having modified swupd.conf and swupd.plist so that I can have 10.7-10.8-10.9 updates being served to local clients from the 10.6.8 SUS)
Now it seems that all recent “old” updates Apple re-released can’t be passed to the cascading servers
They all appears with the usual (old style) “grey dot + exclamation mark” as if they were not dowloaded (and if fact they were not!), catalogs seem fine but they don’t seem to be available on the central repository.
All the others recent updates – including “XprotectPlistConfigData” released 02/12/15 and “Gatekeeper Configuration Data” released 02/11/15 are correctly downloaded
The issue seems limited to the “old” updates re-released on Feb 9th and 10th

Hello Rich, many thanks for sharing your knowledge here!!!
I was wondering if what now happens to my cascading SUS may be somehow related to this subject
I have some cascading 10.6.8 SUS pointing to a 10.9 central SUS and everything used to work perfectly (having modified swupd.conf and swupd.plist so that I can have 10.7-10.8-10.9 updates being served to local clients from the 10.6.8 SUS)
Now it seems that all recent “old” updates Apple re-released can’t be passed to the cascading servers
They all appears with the usual (old style) “grey dot + exclamation mark” as if they were not dowloaded (and if fact they were not!), catalogs seem fine but they don’t seem to be available on the central repository.
All the others recent updates – including “XprotectPlistConfigData” released 02/12/15 and “Gatekeeper Configuration Data” released 02/11/15 are correctly downloaded
The issue seems limited to the “old” updates re-released on Feb 9th and 10th